Welcome to the Q3 issue of the Health Advisory Council Newsletter. This quarter, NCL and Council members have been active on many fronts. Please read on for NCL policy updates, a new Q&A with the Consumer Healthcare Products Association Educational Foundation, member updates, and more.

 Save the Date! 11/16 Ensuring Consumer Access to Healthcare Conference 

In response to Health Advisory Council member interest in a policy forum on access, NCL is sponsoring a Nov. 16, 2016 conference on Ensuring Consumer Access to Healthcare. The conference will bring together patient and consumer advocates, healthcare professional organizations, pharmaceutical and healthcare industry representatives, minority groups, insurers, researchers, and government officials for a thought-provoking examination of the current state of healthcare in America, and ways we can improve and increase access to care for all.

Discussion Panels include:

• Strategies to Address the High Cost of Healthcare: Is Access for All Achievable?
• The Move towards Value-Based Healthcare to Improve Patient Access
• Improving Access to Care for Underserved and Minority Populations

Register here today. We hope you’ll be able to join us on Nov. 16! 

 NCL Health Policy at Work 

NCL-AHIP Partnership: MyHealthPlanGuide — In August, NCL announced its new partnership with America’s Health Insurance Plans (AHIP) to create accessible, educational content to help consumers develop the literacy skills needed to better navigate the complex and changing health care system. Central to the partnership is a new interactive website for consumers, named MyHealthPlanGuide, which is slated for launch in early October. We look forward to sharing this resource with you!

Prescription Drug User Fee Act Reauthorization — In August, NCL testified at the FDA Public Meeting on the reauthorization of the Prescription Drug User Fee Act (PDUFA VI). NCL expressed its support for the PDUFA program and many of the features of PDUFA VI, while stressing the need for the FDA to remain independent and not compromise its high standards for safety, efficacy, and quality of prescription drugs.

Click here for more NCL health policy updates. 

 Member spotlight

Get to know Health Advisory Council member Consumer Healthcare Products Association Educational Foundation with a new Q&A. 

 Updates on member programs

Allergan
Allergan’s Bold Social Contract with Patients. In September, Allergan CEO and President Brent Saunders addresses commitment to innovation, access, and responsible pricing ideals and announces a bold Social Contract with Patients. The social contract is a commitment to live by 4 principles:

• Principle 1: Invest & Innovate  
• Principle 2: Access & Pricing  
• Principle 3: Quality & Safety  
• Principle 4: Education

Please learn more about these principles here.

Eli Lilly and Company
Today, more than 5 million Americans are living with Alzheimer’s disease. One in nine over the age of 65 has the disease, with the prevalence increasing to almost a third among those age 85 and older. Eli Lilly’s Alzheimer’s Readiness Project is committed to inspiring action by fostering a deeper understanding of Alzheimer’s, its evolving science, and the public health crisis it poses. Through outreach, events and partnerships, the Project strives to be an important partner and voice in the global Alzheimer’s conversation, elevating awareness of the need for and value of advancements in the fight against Alzheimer’s disease. To learn more, visit alzreadinessproject.com. 

Food and Drug Administration/Center for Drug Evaluation and Research
Drug Safety Labeling Changes (SLC) Database 
Drug safety labeling changes (SLC) data on the Web will now be available much faster for health care providers, health information technology vendors, and the public to view, search, and download.

Prior to September 2016, FDA’s MedWatch program posted safety labeling changes on a monthly basis. Now, the SLCs will be housed in a CDER database and published as close to the day of the labeling supplement approval as possible. Prompt access to these vitally important safety data will ultimately benefit patients as this information will be communicated to their health care providers in a much more timely manner. The new CDER database will include SLC data from January 2016 forward. Data prior to January will continue to be available on the MedWatch Web site. Learn more here or access the database here.

Orange Book Web 2.0
FDA launched an enhanced Web site for the Approved Drug Products with Therapeutic Equivalence Evaluations list – most commonly known as the “Orange Book.” The Orange Book identifies drug products approved on the basis of safety and effectiveness by FDA. Orange Book users include pharmacists, prescribers, industry, Agency employees, and third-party payers.

The redesigned Orange Book has an improved look, feel, and functionality. Commonly used features, such as the search and browse options, can now be found on the home page. New features will help users navigate the Orange Book and customize their research. The new design also displays groups of accordion-like panels, which open to reveal new and enhanced features. It gives users a link to background information, Orange Book publications, and contact information.

The Orange Book first appeared as a print publication in October 1980. Since 1984, it has included information about patents and exclusivity for listed products. In 1997, FDA made the Orange Book database available for searching on the Web. Today “Orange Book” is one of the most searched-for terms on FDA.gov. This user-friendly technology is also available as a mobile application, making it easier to access important drug information.

McNeil Consumer Healthcare
McNeil Consumer Healthcare is thrilled to announce the expansion and complete redesign of GetReliefResponsibly.com. Grounded in consumer insights and data, the new website has updated content and resources, a new look and feel, and an improved user experience geared to our key audiences. The objective of this site has broadened beyond providing education about the safe use of acetaminophen to providing education about the appropriate choice and use of OTC analgesics and the safe storage and disposal of all OTCs.

In conjunction with the consumer site, McNeil also launched the Get Relief Responsibly® Professional Resource Center: GetReliefResponsiblyProfessional.com. Targeted to healthcare professionals (HCPs), the site aims to empower HCPs to make appropriate OTC analgesic recommendations and to encourage safe use dialogue with their patients. With the re-launch of the new, unbranded GetReliefResponsibly.com, McNeil is proud to offer direct pathways to many of its partner organization websites and resources. If you have any questions or are interested to learn more, please reach out to Leily Saadat-Lajevardi at lsaadat@its.jnj.com.

Medication Adherence Alliance
The Medication Adherence Alliance is an organization comprised of representatives from consumer advocacy groups, community health providers, non-profit groups, the academic community, decision-making government officials and industry representatives. Launched in early 2016, The Medication Adherence Alliance’s new website, http://managingyourmeds.org, serves as a comprehensive repository of up-to-date adherence resources. From patient tools to new research findings to updates on related policies, the website provides a wealth of information for the health care community on medication adherence. Features include:

• Patient and Provider Toolkits: Including a variety of products patients and providers can use to encourage medication adherence;
• Adherence Facts: Key information for all members of the health care community;
• Promising Practices: A compilation of current practices, as well as practices under development, that aim to help patients remain adherent; and
• Research Compendium: Consisting of original research, reviews and meta-analyses and commentaries.

Upcoming Conference: Suboptimal Medication Use and Population Health – Intersection of Research, Implementation, and Policy 
The Suboptimal Medication Use and Population Health – Intersection of Research, Implementation, and Policy Conference will be held in Washington DC, December 5-6, 2016. The conference will assemble a variety of stakeholders representing diverse backgrounds (payers, patients, researchers, policymakers and government officials) to identify and disseminate practical and effective strategies to improve population health through better medication use. Conference details and registration information are coming soon.

National Association of Nurse Practitioners in Women’s Health
Call for public comment: Women’s Preventive Services Initiative draft recommendations

The Women’s Preventive Services Initiative (WPSI) Advisory Panel* and Multidisciplinary Steering Committee have released draft recommendations for women’s preventive health care services, including the HRSA-sponsored Women’s Preventive Services Guidelines. The draft recommendations are available for public comment from September 1-30, 2016. Please consider reviewing and contributing your feedback on these draft recommendations. Click here to enter your comments. 

*The WPSI is overseen by an Advisory Panel comprised of representatives from The American College of Obstetricians and Gynecologists (ACOG) and three other major professional organizations representing the majority of women’s health care providers, including the American Academy of Family Physicians (AAFP), American College of Physicians (ACP), and National Association of Nurse Practitioners in Women’s Health (NPWH). The Advisory Panel guides the work of the WPSI and ensures that the initiative delivers a consistent message.

National Council on Patient Information and Education (NCPIE)
Talk About Your Medicines Month (October 2016) – This October marks the 31^st annual observance of “Talk About Your Medicines Month” by the National Council on Patient Information and Education (NCPIE) to call attention to the impact that high-quality patient – healthcare provider communication can play in promoting better medicine use and better health outcomes. This year’s theme: Let‛s Talk About Polypharmacy: America’s Other Drug Problem, casts a spotlight on a significant and growing medication safe use issue – POLYPHARMACY, the use of 5 or more medications by the same person at the same time – putting patients at increased risk for drug interactions and side effects. Coming soon on talkaboutrx.org will be tips and resources for patients and providers to help manage polypharmacy including a “Are you at risk for harm by polypharmacy” checklist. Please contact Deborah Davidson at ddavidson@ncpie.info if you are interested in receiving the 2016 TAYM Month communications toolkit. 

USP
The U.S. Pharmacopeial Convention (USP) launched the next generation of its Food Fraud Database (FFD 2.0) to help food manufacturers and retailers make informed decisions about ingredients in their portfolio that may have a greater potential of being adulterated. The goal is to provide brand protection, increase consumer trust and support new food safety regulations recently finalized by the FDA.

Food fraud, also referred to as economically-motivated adulteration (EMA), is a global economic and public health problem, costing industry an estimated 10 to 15 billion dollars annually and affecting as much as 10 percent of the global food supply. 

USP’s FFD 2.0 provides hazards reports on specific adulterants, making it easier for manufacturers and retailers to quickly identify ingredients with a known history of adulteration with potentially hazardous substances. For more information on the FFD 2.0 and other food fraud prevention tools, including standards, training and advising services, visit www.foodfraud.org.

 We want to hear from you!

Online members-only discussion board – We encourage you to take advantage of the online members-only communications portal, where members may share news, suggestions, and ideas directly with each other. Log on here. If you haven’t already, you will be instructed to create an account in order to view discussion items. The members-only forum is only visible to people who have been given access privileges.

Thank you for your continued interest in the Health Advisory Council!
Please stay in touch! Feel free to contact Karin Bolte (karinb@nclnet.org) or Amy Sonderman (amys@nclnet.org).

_______________

National Consumers League
Published September 28, 2016

NCL-AHIP Partnership: MyHealthPlanGuide — In August, NCL announced its new partnership with America’s Health Insurance Plans (AHIP) to create, accessible educational content to help consumers develop the literacy skills needed to better navigate the complex and changing health care system. Central to the partnership is a new interactive website for consumers, named MyHealthPlanGuide, which is slated for launch in early October. We look forward to sharing this resource with you!

Prescription Drug User Fee Act Reauthorization — In August, NCL testified at the FDA Public Meeting on the reauthorization of the Prescription Drug User Fee Act (PDUFA VI). NCL expressed its support for the PDUFA program and many of the features of PDUFA VI, while stressing the need for the FDA to remain independent and not compromise its high standards for safety, efficacy, and quality of prescription drugs.

Dietary Supplements Quality Collaborative — NCL recently joined the Dietary Supplements Quality (DSQ) Collaborative, which is supported by USP and consists of 18 organizations that are committed to advancing the quality and safety of products marketed as dietary supplements in the United States. One of the main goals of the DSQ Collaborative is to develop strategies to protect consumers from bad actors and dangerous products.

Script Your Future Campaign — Karin Bolte, NCL’s Health Policy Director, was pleased to present the 2016 Medication Adherence Team Challenge awards at the American Association of Colleges of Pharmacy’s (AACP) Annual Meeting in July. This year’s award winners were the University of Charleston School of Pharmacy (National Award), University of Pittsburgh School of Pharmacy (National Award), Northeast Ohio Medical University (Health Disparities), University of North Carolina at Chapel Hill (Media), and the University of Maryland School of Pharmacy (Creative Interprofessional Team Event). NCL is busy preparing for the 2017 Team Challenge. In addition, NCL has been invited to give an overview of lessons learned from the Script Your Future campaign at the Dec. 5– 6 Suboptimal Medication Use and Population Health-Intersection of Research, Implementation, and Policy conference in Washington, DC.

We Won’t Wait Campaign — NCL has joined WomenAgainstAlzheimer’s We Won’t Wait campaign, the first-ever widespread effort to define Alzheimer’s as the 21st Century’s primary economic justice issue and health crisis for women. NCL was a co-host with WomenAgainstAlzheimer’s, Eli Lilly’s Alzheimer’s Readiness Project, and other campaign partners of a Women Leading the Way luncheon at the Democratic National Convention in July. NCL will also be participating in the National Alzheimer’s Summit on September 28.

Issue 28 | September 14, 2016

#DataInsecurity Digest: Russians hack WADA, ransomware on tap at the FTC and our interview with AG Madigan

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: We are excited for our second installment of our #DataInsecurity Thought Leaders series featuring Illinois Attorney General and 2016 Trumpeter Award Recipient Lisa Madigan! Excerpts from our chat are below, and the full interview is available online.

The same Russian outfit that hacked the DNC is making news again, this time for a hack of the World Anti-Doping Agency, which has been at the center of a report alleging massive cheating by Russian athletes. At an FTC forum on ransomware, Chairwoman Ramirez recently stated that ransomware is the “new business model” for scammers. The FTC’s focus is unsurprising, given new estimates that it’s costing businesses $75 billion per year. A new House Oversight Committee’s report on the OPM breach, which ranks among the most serious in recent memory, is blistering, pointing the finger at a failure of leadership at the agency. The Department of Education could be in Oversight Chairman Rep. Jason Chaffetz’s sights next, as he again warned that a breach there could be even more damaging than the one at OPM. It was another big week for breaches with Kimpton Hotels and adult website Brazzers being hit, potentially exposing 800,000+ users. Not to be forgotten, Russia again made cybernews this week as federal investigators announced an investigation into Russia’s possible intent to use cyber attacks at the DNC to undermine American confidence in the election process.

—————–

Thought Leaders interview with Attorney General Lisa Madigan

Illinois Attorney General Lisa Madigan sat down to answer questions for us about the role her office is playing in keeping Illinois consumers safer from data breaches and identity fraud. Excerpts from our interview are below. You can read the full interview at our site.

NCL: Illinois is considered by many to have some of the strongest data breach notification and data security laws in the country. How would you describe the state of data security in Illinois? How have Illinois’ actions on data security affected the debate about data security nationally?

AG Madigan: Data security is one of the biggest challenges we face as a nation and Illinois is no exception. It’s an ongoing struggle for all Americans and the companies, non-profits, and government agencies that hold our personal information. … At this point, Americans realize it’s not a matter of if, but when, they will be a victim of some form of identity theft. In this environment, Americans need and expect more transparency of data breaches. Not less.

NCL: Many data breach notification and data security laws were introduced in Washington, DC during the 114th Congress, but none of them were enacted into law. In the next Congress, what steps should policymakers at the federal level take to reduce incidences of data breaches and help consumers avoid the fallout?

AG Madigan: I’ve testified in support of federal data security legislation in both the U.S. House and Senate and to share the concerns of Illinois consumers. They have told me they are concerned by the increasing number of breaches. They demand notification when their information is stolen. They want to know what they can do to protect themselves from identity theft. And they want to know whether companies are doing enough to prevent breaches and protect their information.

So a weak, national law that restricts what most state laws have long provided will not meet consumers’ increasing expectation that they be told when their information has been stolen. Instead, Congress should seek to pass legislation that ensures notification of breaches of information that can harm Americans. Therefore, the definition of “protected personal information” should be broad and include the growing amount of sensitive information that companies are collecting from consumers. I also think it’s vital that federal law not preempt state data breach laws.

NCL: Illinois has one of the nation’s strongest privacy laws in the country regarding biometric data — the Biometric Information Privacy Act. That law has been under scrutiny by the legislature and the courts this year. From your point of view, what is the benefit of this law to consumers, and what do you think the future holds for biometric privacy laws in Illinois and beyond?

AG Madigan: The Illinois Biometric Information Privacy Act (BIPA) offers enormous protections to consumers over biometric information and significantly reduces the risk of identity theft. At its core, BIPA requires companies to provide notice to and consent by consumers to use their biometric data, limits the scope of how the data can be used, requires companies to use reasonable security measures to protect the data and requires permanent destruction of biometric data within a set period of time. Importantly, BIPA prohibits the sale, lease or trade of biometric data.

Read full interview here.

This edition’s #DataInsecurity Clips

Gold medal for hacking: Russians breach World Anti-Doping Agency. The same outfit thought to be responsible for breaches at the Democratic National Committee is responsible for hacking into athletes’ medical records in advance of the Rio Olympics. Writes @publicbill: “Some of the data listed athletes’ therapeutic use exemptions, which allow banned substances to be taken if they’re deemed to be necessary for an athlete to cope with an illness or medical condition. … The breach is believed to be a case of ‘spear phishing of email accounts[.]’” (Source: NPR)

Ramirez: Ransomware the most profitable malware in history. The FTC kicked off its Fall Technology Series last week with a thorough discussion on ransomware. @Slabodkin reports that Chairwoman Ramirez set the tone by declaring that “ransomware is ‘among the most troubling cyber threats’ confronting the United States that is ‘becoming increasingly more pernicious’ and is ‘escalating at an alarming rate.’ Citing statistics…that the U.S. averages 4,000 incidents per day.” (Source: Information Magnet)

Ransomware costs businesses an estimated $75 billion a year. Longtime readers of The #DataInsecurity Digest will recall the FBI’s recent announcement that ransomware attacks cost victims a total of $209 million in the first three months of 2016. @datto, a cybersecurity company, now claims a higher estimate of $75 billion a year, factoring in lost productivity, the ransomware payment itself, and the finding that “less than 1 in 4 ransomware incidents are reported to the authorities.” (Source: The Atlantic)

OPM breach a “failure of culture and leadership, not technology.” The House Oversight Committee released its long awaited 241-page report on the unprecedented 2014 breach at the Office of Personnel Management (OPM) that compromised the background records of millions of Americans. In addition to finding that the government has never been more vulnerable to cyber attacks, it found: “the long-standing failure of OPM’s leadership to implement basic cyber hygiene…despite years of warnings from the inspector general, represents a failure of culture and leadership, not technology.” (Source: Fed Scoop, Full report)

Chaffetz: Breach at DOE could be worse than OPM. Following up on his committee’s report on OPM, Rep. Chaffetz bestowed the title of “the biggest vulnerability that I see out there right now” on the Department of Education (DOE). @Nextgov reports that Chavez lamented woeful security at the agency, which holds 130 million Social Security numbers in its databases: “despite housing tens of millions of people’s sensitive information and 180-plus databases, the agency doesn’t ‘even have the most basic of tools’ to protect them against breaches.” (Source: Nextgov)

Breach du jour: Kimpton Hotels. Kimpton Hotels, a subsidiary of Intercontinental Hotels Group, is the latest hotel chain to be breached, with a POS system malware attack on 62 properties and restaurants. @stevenmusil reports, “Cards used at certain restaurants and hotel front desks between February 16 and July 7 may be affected. The chain has published a list of properties where customers’ cards may be affected, along with specific at-risk time frames, and said it will be contacting customers who may have had data exposed.” (Source: CNET)

Breach du Jour part II: Nearly 800,000 Brazzers accounts compromised. The adult website Brazzers suffered a massive breach that revealed the email addresses, usernames, and plaintext passwords of nearly 800,000 of its users. Troy Hunt, creator of Have I been Pwned, which helped validate the authenticity of the breach noted, “We also know that forum breaches frequently include not just user credentials, but private messages as well, and those can be particularly revealing.” (Source: Motherboard)

Russian hacking plan to undermine confidence in U.S. electoral process under investigation. As leaders in Washington plan their response to Russia’s alleged hack of the DNC and the Arizona and Illinois voter registration databases, @danapriest reports that the Director of National Intelligence James Clapper Jr. has been chosen to lead the investigation aimed at discerning “the [attack’s] scope and intent.” The investigation follows Putin’s recent comment, “It doesn’t really matter who hacked this data from Mrs. Clinton’s campaign headquarters. …The important thing is the content was given to the public.” (Source: Washington Post)

Upcoming event

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

National Consumers League
Published September 14, 2016

Issue 27 | August 31, 2016

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Wow, we take a few weeks off for R&R and data security news lights up. Fortunately, we’re back from our summer break, so it’s time to catch you up on what you may have missed.

The epic hacking—if true—of the National Security Agency (NSA) has reportedly exposed many of the their trade secrets. In addition, Wikileaks’ reputation took a hit when it distributed apparently hacked (or leaked) data that contained sensitive information of private citizens, including their Social Security numbers and sexual orientations. In somewhat more commonplace data security news, Eddie Bauer joined the ranks of retailers suffering from point-of-sale (POS) breaches when they discovered that all 350 of their North American stores were infected with malware. This will no doubt cause a dent in their sales; KPMG found that 19 percent of consumers will stop shopping at a retailer altogether in the wake of a data breach. However, news of a potential hack at Oracle—a major vendor of POS software systems—could point the finger at someone besides the retailers for this latest spate of attacks.

And now, on to the clips!

—————–

Breach du jour: Eddie Bauer stores POS systems breached. News broke that malware infected point-of-sale systems at more that 350 Eddie Bauer stores in North America during the first six months of 2016. The malware is said to have been scooping up the credit and debit card numbers of shoppers at the chain’s retail locations. Security researcher @briankrebs, who originally alerted the store of a potential breach 6 weeks before it was announced, used the news as a teachable moment for the industry calling on all breached entities to “offer the cyber defenders of the world just a few details about the attack tools and online staging grounds the intruders used. That way, other companies could use the information to find out if they are similarly victimized and to stop the bleeding of customer card data as quickly as possible.” (Source: KrebsOnSecurity.com)

Is a breach at Oracle the source of retail, hotel breaches? Regular readers of the #DataInsecurity Digest will note that we haven’t been shy in noting the spate of breaches at restaurant, retail, and hotel chains recently. If @briankrebs is to be believed, a breach at cloud giant Oracle—specifically its MICROS point-of-sale provision system—could be the culprit. Writes Krebs, “MICROS is among the top three point-of-sale vendors globally. Oracle’s MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide … the company said MICROS’s systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels. … Oracle’s own statement seems to suggest the company is concerned that compromised credentials for customer accounts at the MICROS support portal could be used to remotely administer — and, more importantly, to upload card-stealing malware to — some customer point-of-sale systems.” (Source: KrebsOnSecurity.com)

More evidence that data breaches lead to lost customers. KPMG’s 2016 Consumer Loss Barometer, has found that consumers will readily cease doing business in the wake of a data breach. The barometer found that among the 448 consumers that were surveyed, “19 percent said they would stop shopping at a retailer that had been a victim of a cybersecurity hack, even if the company took the necessary steps to remedy the issue. In addition to those who would abandon the retailer entirely, 33 percent of the consumers indicated that fears of further exposure of their personal information would prevent them from shopping at a breached retailer for at least three months.” (Source: KPMG and PRNewswire)

Trump campaign hacked. Reuters reports, “At least one Trump staff member’s email account was infected with malware in 2015 and sent malicious emails to colleagues, according to one insider for the Republican candidate’s campaign and an outside security expert.” Two sources told Reuters that “The tools and techniques used to hack Republican targets resemble those employed in attacks on Democratic Party organizations, including the DNC and Clinton’s campaign organization… That has led U.S. officials to reach a preliminary assessment that Russia’s military and civilian intelligence agencies or their proxies have targeted both political parties.” (Source: Reuters)

ICYMI: The NSA was hacked last week. The hacking group, Shadow Brokers, is auctioning off the NSA’s cyber weapons, reportedly from the NSA’s elite hacking outfit, the “Equation Group.” Such a breach raises serious concerns due to the amount of personal data the NSA collects and what could happen if these hacking tools ended up in the wrong hands. In the wake of the breach, investigators have been scrambling to see what went wrong. As @PaulSzoldra reports, “There are now two prevailing theories as to how the Shadow Brokers obtained the files: Either they hacked a server used by NSA hackers to stage attacks that had the files mistakenly left there by an operator, or an agency insider downloaded the data and later leaked it online.” (Source: Business Insider)

The (other) downside to Wikileaks. When Wikileaks first came onto the international stage, the controversial transparency organization received some support for their efforts to add sunlight to the political process. Now many of the site’s original supporters, such as Edward Snowden, are beginning to distance themselves from the site as the organization continues to be plagued by allegations of a lack of proper document vetting, resulting in ordinary people getting hurt. Associated Press reports that the site actually named teenage rape victims, published Social Security numbers of private citizens and even “published the name of a Saudi citizen arrested for being gay, an extraordinary move given that homosexuality is punishable by death in the ultraconservative Muslim kingdom.” (Source: Associated Press)

32 percent of hospitals are not encrypting patient data. @lucasmearian reports that Healthcare Information and Management Systems Society (HIMSS) recently conducted a study that found “about 32 percent of hospitals and 52 percent of non-acute providers—such as outpatient clinics, rehabilitation facilities and physicians’ offices—are not encrypting data in transit, according to a new survey. Additionally, only 61 percent of acute providers and 48 percent of non-acute providers are encrypting data at rest.” In addition to the possibility that this sensitive data could be compromised in a data breach, the study expressed concerns that this “leaves the door wide open to potential tampering and corruption of the data.” (Source: ITWorld)

Canada and Australia find that Ashley Madison violated privacy laws. The controversial dating site with the slogan “Life is short, have an affair,” which suffered a major breach last year has been found to have violated Australian and Canadian privacy laws. Reuters reports, “The probe found the Toronto-based company had inadequate safeguards in place, including poor password management and a fabricated security trustmark on the website’s home page.” The website’s parent company is also currently being investigated by the Federal Trade Commission. (Source: Reuters)

Country not found: Official Ukrainian Twitter accounts hacked. As Ukraine celebrated the 25th anniversary of its independence from Russia, (presumably) Russian hackers sought to steal the joy from the day by hacking Ukraine’s National Guard and Armed Forces social media accounts and posting tweets in Russian declaring “Ukraine is no more” and “Country not found.” (Source: Newsweek)

Agenda for FTC’s Ransomware workshop announced. The FTC will once again convene a who’s who of data security experts for its ransomware workshop on Wednesday, September 7. Because we endeavor to save you precious billable hours, here’s a Twitter list you can follow to stay up-to-date on all the side conversations from the event. See below for more information on the workshop.

Upcoming events

September 7 – Fall Technology Series: Ransomware – Washington, DC
The FTC’s first event in this year’s Fall Technology Series will take place on Wednesday, September 7, 2016 in Washington, DC. This half-day workshop will address how ransomware works, what victims should do, the role of education, and what technological measures can be taken to prevent a ransomware attack.

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

National Consumers League
Published August 31, 2016